CVE-2023-32200

Published: Jul 12, 2023

Modified: Oct 7, 2024

PUBLISHED

Description

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.

Vendor	Product	Versions
Apache Software Foundation	Apache Jena	affected `3.7.0 - <= 4.8.0`

Weaknesses (CWE)

CWE-917

References

https://www.cve.org/CVERecord?id=CVE-2023-22665

https://lists.apache.org/thread/7hg0t2kws3fyr75dl7lll8389xzzc46z

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-32200

Description

Affected Products

Weaknesses (CWE)

References